Managing GDPR for digital experiences

GDPR. It’s a scary sounding term. But what does this behemoth of rules, regulations and privacy policy from the European Union really mean for your business and digital experience?

In this blog post, we’re explaining it all. From privacy policies to content management, here’s everything you need to know about GDPR and digital experiences.

What is GDPR?

In a digital world, more data is available than ever before. In order to help protect customers from having their data used improperly, the EU put new sanctions and regulations in place from 25 May 2018. Known as GDPR, or “General Data Protection Regulation”, this new regulation is aimed at reducing the severity and frequency of security breaches, and curbing the mishandling of personal data online.

The GDPR regulation is made up of lots of articles, but its main objective is to give people power over their data, including:

The right to be forgotten

The right of access

The right to object

The right to restrict processing

The right to rectification

The right to data portability

The right to consent in an understandable manner

The right to purpose limitation and data minimisation

How should you manage GDPR for your digital experiences?

There are a few steps you can take to ensure your digital experience is GDPR-compliant.

1. Appoint a data controller

Ensure your data is processed correctly with the help of a dedicated data controller, i.e. an individual or legal person who controls, and is responsible for, the keeping and use of personal information in your systems. The data controller will also be the contact person if someone would like to delete, or get insight into, the data a company holds about them.

2. Draw up a privacy policy

A privacy policy needs to cover your website, app, and any other service you’re using (like Google Analytics and HubSpot).

Pro tip: Use a solution like iubenda to simplify the process of making sure your apps and sites are compliant.

3. Ensure your digital experience is secure

Using HTTPS is a good start, but to make sure your digital experience is really secure, test it using the OWASP framework or similar. And don’t forget about your CMS. Not only should you ensure the CMS hosting is GDPR-compliant, but it’s important to have a system in place to actively manage privacy.

You’ll need to think about your data processor terms too. As part of GDPR, you have to ensure your data processor terms are in place and readily available, with additional reporting on data processing activities.

4. Stay on top of content and data management

Your organisation needs to be in complete control of where it stores data. That’s because under GDPR regulation, customers have the right to view, update, export, download and delete any of the data they’ve shared with you. To make this possible, you’ll need the infrastructure required to allow customers access to their data, as well as a system that keeps data controllers in the loop.

5. Manage consent

Invest in a central CRM like HubSpot or Salesforce.com to ensure you can manage your contacts and their consent across all your applications.

6. Cookie tracking

When a cookie can identify an individual person via their device, it is considered personal data. The majority of cookies are used in that way and will be subject to GDPR.

To be compliant, one can use soft opt-in consent. According to the Cookie Law, this means giving users an opportunity to act before cookies start tracking their actions. If there is a fair notice, continuing to browse can in most circumstances be valid consent via affirmative action.

GDPR boils down to one thing: control. These regulations give customers control over the type of data they share, where it’s stored, and for how long. And importantly, they give customers the right to be forgotten. As long as your digital experience infrastructure allows for all of this, you’re well on your way to being GDPR-compliant.